Researchers have uncovered several zero-day flaws affecting billions of Bluetooth-enabled devices, including smartphones, TVs, laptops, watches, smart TVs and more.
Dubbed “BlueBorne,” the attack vector enables malicious actors to leverage the short-range wireless protocol to take full control over targeted devices, access data and spread malware to other adjacent IoT devices.
According to researchers at Armis Labs, who discovered the flaws, the attack does not require the targeted device to be paired to the attacker’s device, or even be set on discoverable mode.
“By spreading through the air, BlueBorne targets the weakest spot in the networks’ defense – and the only one that no security measure protects,” researchers said in a blog post. “Spreading from device to device through the air also makes BlueBorne highly infectious.”
BlueBorne is comprised of eight related vulnerabilities, four of which are classified as critical. The security holes were identified in the Bluetooth implementations in Android, Microsoft, Linux and iOS:
- Linux kernel RCE vulnerability – CVE-2017-1000251
- Linux Bluetooth stack (BlueZ) information leak vulnerability – CVE-2017-1000250
- Android information leak vulnerability – CVE-2017-0785
- Android RCE vulnerability #1 – CVE-2017-0781
- Android RCE vulnerability #2 – CVE-2017-0782
- The Bluetooth Pineapple in Android – Logical Flaw – CVE-2017-0783
- The Bluetooth Pineapple in Windows – Logical Flaw – CVE-2017-8628
- Apple Low Energy Audio Protocol RCE vulnerability – CVE-2017-14315
Armis Labs researchers explained how to attack can be carried out:
“The BlueBorne attack vector has several stages. First, the attacker locates active Bluetooth connections around him or her. Devices can be identified even if they are not set to “discoverable” mode. Next, the attacker obtains the device’s MAC address, which is a unique identifier of that specific device. By probing the device, the attacker can determine which operating system his victim is using, and adjust his exploit accordingly. The attacker will then exploit a vulnerability in the implementation of the Bluetooth protocol in the relevant platform and gain the access he needs to act on his malicious objective. At this stage the attacker can choose to create a Man-in-The-Middle attack and control the device’s communication, or take full control over the device and use it for a wide array of cybercriminal purposes.”
Researchers warn BlueBorne could potentially affect all devices with Bluetooth capabilities, an estimated 8.2 billion devices today.
Nonetheless, researchers worked closely with Google, Microsoft, Apple, Samsung and Linux to ensure a safe, secure and coordinated response to the vulnerabilities identified.
Lamar Bailey, director of security research and development at Tripwire, stressed that BlueBorne vulnerabilities are a good reason why IT security teams should treat Bluetooth like any open port. “[The best] mitigation is to turn it off, unless you must have it,” Bailey told Dark Reading. “Use wired devices when possible,” especially around sensitive data, he said.